Types

Pkcs7 represents an abstract PKCS#7 structure. The concrete
type of structure is hidden in the object: such polymorphism isn't
very haskellish but please get it out of your mind since OpenSSL is
written in C.

If Pkcs7NoCerts is set, the signer's certificate will not be
included in the PKCS#7 structure, although it must still be
supplied in the parameter. This can reduce the size of the
signature if the signer's certificate can be obtained by other
means: for example, from a previously signed message.

The data being signed is included in the PKCS#7 structure, unless
Pkcs7Detached is set, in which case it is omitted. This is used
for PKCS#7 detached signatures, which are used in S/MIME plaintext
signed messages, for example.

Normally the supplied content is translated into MIME canonical
format (as required by the S/MIME specifications), but if
Pkcs7Binary is set no translation occurs. This option should be
used if the supplied data is in binary format; otherwise the
translation will corrupt it.

The signedData structure includes several PKCS#7
authenticatedAttributes including the signing time, the PKCS#7
content type and the supported list of ciphers in an
SMIMECapabilities attribute. If Pkcs7NoAttr is set then no
authenticatedAttributes will be used. If Pkcs7NoSmimeCap is set
then just the SMIMECapabilities are omitted.

If Pkcs7NoIntern is set, the certificates in the message itself
are not searched when locating the signer's certificate. This
means that all the signers' certificates must be in the second
argument ([X509]).

If Pkcs7NoChain is set then the certificates contained in the
message are not used as untrusted CAs. This means that the whole
verify chain (apart from the signer's certificate) must be
contained in the trusted store.

Normally the supplied content is translated into MIME canonical
format (as required by the S/MIME specifications), but if
Pkcs7Binary is set no translation occurs. This option should be
used if the supplied data is in binary format; otherwise the
translation will corrupt it. If Pkcs7Binary is set then Pkcs7Text
is ignored.
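
The two Pkcs7Binary passages above say the MIME translation corrupts binary data. The following added example (not part of HsOpenSSL or OpenSSL) shows why, using a simplified model that assumes canonicalization only rewrites LF and CRLF line endings to CRLF; all function names and sample inputs are constructed for illustration.

```python
import hashlib
import re

# Assumption: canonical form is modelled as "every LF or CRLF becomes CRLF".
# Real S/MIME processing may do more; this covers the line-ending rewrite only.
_EOL = re.compile(rb"\r?\n")

# Constructed sample inputs.
TEXT_LF = b"Transfer approved.\nRef: 0001\n"      # Unix line endings
TEXT_CRLF = b"Transfer approved.\r\nRef: 0001\r\n"  # same text after mail transport
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"                  # binary header with CRLF and bare LF


def mime_canonicalize(data: bytes) -> bytes:
    """Rewrite each LF or CRLF line ending as CRLF (simplified model)."""
    return _EOL.sub(b"\r\n", data)


def signed_bytes(data: bytes, binary: bool) -> bytes:
    """Bytes the signature digest covers; binary=True models Pkcs7Binary."""
    return data if binary else mime_canonicalize(data)


def digest(data: bytes, binary: bool) -> str:
    """SHA-256 over the bytes that would be signed."""
    return hashlib.sha256(signed_bytes(data, binary)).hexdigest()


def survives_translation(data: bytes) -> bool:
    """True if canonicalization leaves the payload byte-for-byte intact."""
    return mime_canonicalize(data) == data


def demo() -> dict:
    return {
        # Text: translation makes the digest independent of line-ending style,
        # so a detached signature still matches after a gateway rewrites LF to CRLF.
        "text_stable_when_translated": digest(TEXT_LF, False) == digest(TEXT_CRLF, False),
        "text_stable_when_binary": digest(TEXT_LF, True) == digest(TEXT_CRLF, True),
        # Binary: translation inserts a CR before the bare LF, changing the payload.
        "binary_survives_translation": survives_translation(PNG_MAGIC),
        "binary_len_before_after": (len(PNG_MAGIC), len(mime_canonicalize(PNG_MAGIC))),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Signing binary input without the flag therefore produces a signature over bytes that differ from the original file, so a later check against the untouched file will not match.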